Modernly, malware on PCs (Personal Computers) is increasingly convoluted and harmful. Anti-malware products have sprung up to combat the problem. In response, malware has begun to develop features that target the anti-malware products themselves so as to damage their effectiveness. In response, techniques have been developed to harden anti-malware products against attack.
One particular problem is that anti-malware products commonly have a need to access updated information (for example data tables of virus signatures) and an efficient way of doing this is via Internet-based downloading. A need has existed to provide for such downloading and similar activities to occur without risk of the downloading process itself becoming compromised by a malware attack. There is a need to robustly control (particularly to alternately grant and disallow) access to communications, especially to and from Internet. In particular it is desirable to be able to deny access to the Internet to ordinary OSes (Operating Systems) and to any programs that they load pending completion of the downloading (and perhaps of integrity verification) of anti-malware information such as virus signatures.
Previously developed solutions address these issues only in part and there remains significant room for improvement.